Finext
ICT plays a major role in company security. Especially if you have little or no time to arrange this properly yourself, it is useful to collaborate with someone you can rely on and who will take all the work off your hands. For this client case we spoke with Leon den Braber of Finext. Every branch within Finext has its own team, and sometimes it can be difficult to organize matters. Our specialist Marco Janse delved into their situation and realized the best possible solution.
what was the reason for seeking security assistance?
Marco: "I personally took the initiative to approach Finext to raise the potential threats and problems with them regarding security. They were already working with a version of Intune, however, the new version of this would be more suitable for Finext. It works better with Windows 10. It has many more options than the old version. Also with the GDPR legislation."
what is intune?
With Intune, you have a good overview of what devices are all connected, such as all laptops and mobile devices in circulation. If you don't have a good overview of how these are secured, you also don't know if your data is distributed outside the organization or not. Nor can you control how your data is managed.
Marco: "The old Intune version was installed on only a few laptops. As a result, you didn't get accurate status reports of all laptops. For example of laptops that had been inactive for a long time. New laptops are now immediately added to Intune, so you always have an up-to-date overview. This used to be done manually. Not every user logged on so it quickly became cluttered and did not give a real overview of all users."
what were the biggest concerns at Finext?
Marco: "In case of theft or losing a device, you didn't know if it was adequately secured. With Intune, you can implement conditions such as automatically encrypting all documents. The encryption is done via Bitlocker; employees are notified when they have not yet configured this and thus do not comply with the policy.
At the time of writing, a small percentage still needs to be linked. Many employees are often seconded to customers, which is why it took some time for everyone to be completely up-to-date. For example, some employees were still working with Windows 7 or had not used their laptops for a while and thus missed updates. First all (mobile) workstations had to be brought up to date before a link with the organization and Intune could be realized."
Leon: "With the new AVG, we also needed to be well prepared as a company. That counted heavily in our decision to take it seriously. A great diversity of devices had arisen within our company because each employee buys their own device. It can happen that our employees use a laptop or phone for both business and personal use. Also, there is no requirement for the type of devices. So the type of operating systems used also varies widely. We work a lot with financial companies so there really can't be any data lying on the street. With Intune, we hoped to create a secure and organized environment while still being able to maintain our company's identity."
With the new AVG coming up, we also need to be well prepared as a company.
Leon den Braber - Finext
what steps will you take next?
Marco: "We are currently working on the policies within the organization and are determining the right level of access for users. This is handy when there are confidential documents and folders that not everyone gets access to. Mobile devices such as business phones still need to be added to Intune in addition to all the laptops that are already logged in.
Also last month, we set up Multifactor Authentication with all users. This always requires a second factor to authenticate, such as an SMS or an app on a smartphone. With an SMS or app, users can confirm their identity with an extra step when logging in."
how did this project go?
Marco: "First we did an inventory of who was still working with the outdated Intune version and who was not. We then communicated to all employees that a transition would soon take place and described all the steps involved. In preparation for the rollout, we set up the new Intune environment and incorporated certain policy controls into it. Every device that is connected to this environment has to meet certain requirements. Then we guided the employees around the new system and fixed any problems."
what did the transition look like at Finext?
"All niches within Finext have their own ICT manager. They have had a pilot of the new Intune. An email was then sent out with actions to be carried out properly before, during and after the transition. All ICT managers receive an update every so often with information about the users and what still needs to be done. By now, almost all employees are already properly connected."
Leon: "Referit has long been our vendor and manages our IT environment. When there was talk of a new version of Intune, we agreed together that it was necessary for our business. We started the rollout early this year and are now busy arranging the last things. In total we have 150 people working here, so this has all been taken care of fairly quickly."
what tools and apps are being used to establish this project?
Marco: "Intune is a workplace management program. This includes laptops, phones, and all other devices within the organization. You can manage these, administer them remotely, and provide them with the organization's current policies. Among other things, you can encrypt the device and its documents or make updates. You can also implement a major feature update in phases, for example, so it runs a little smoother which can be useful with a larger company. Security updates are immediately forwarded to all users.
Antivirus policy and monitoring is also possible. With Windows 10, Android and iOS you can get by far the most out of it in terms of options. All kinds of actions that are important to the company can be arranged thanks to Intune. Private data cannot be viewed and all users are notified of what Intune can and cannot view and manage. Now should a user fall behind with updates, there may be limited access to company applications and data so your organization is not at risk."
what to do in case of theft?
"In case of theft and losing your device, you can wipe it remotely. Once connected to the Internet, all data is remotely erased. Also, all data is already encrypted so that even a sophisticated hacker cannot do anything with the files on the laptop or phone. Follow-up steps in terms of policy measures are still being considered before May 25. There are many possibilities, but this depends on Finext's interests and policy. Referit mainly has an advisory role in this. Ultimately, of course, the customer always determines the policy. Intune and Multifactor are already a standard part of Office 365 and Enterprise Mobility & Security."
what is the most positive outcome of this project?
Leon: "The system works well, we haven't encountered any problems so far, so then you can conclude that it works. The feeling of security and that you don't risk any fines is a nice feeling. This allows us as a company to go into the new regulations well prepared. Our 'Bring your own device' principle can be risky, so it's good that this is now regulated."
Marco: "Everything has been reviewed and secured again. The personal contact with employees was also very nice, because we could properly explain the importance of the security measures. And why this change was necessary."
how was the transition for the staff?
Leon: "For the most part, the transition went fairly smoothly. Occasionally there were some technical issues or instructions were not yet entirely clear for our colleagues. All ICT managers from the various departments helped the rest of our colleagues with the transition. If they couldn't quite figure it out, the person in question was put in touch with Marco to resolve it."
what's coming next?
Marco: "The policy will be reviewed regularly and both Intune and new Windows versions often get new features. So you can proactively manage to add these features or make changes. At the moment I mainly advise them around all new developments in security and the benefits of this for the company. I also create the reports. This gives Leon and Finext's ICT managers a weekly overview of all users and what still needs to be done.
There are also procedures to be adapted, such as for employees going in and out of service. In order for these procedures to run smoothly, we can work on a standard information package, for example. This package the new employees can receive on how to get started with Intune. Because of this, the processes within the company should also go along with these changes."
It is nice that we always figure things out together. We can go to Referit for any problem and I have never experienced that we have not been able to solve something.
Leon den Braber - Finext
how did you find the cooperation?
Leon: "Short communication lines and they clearly know their stuff! The direct approach and accessibility is very nice, you immediately have the right person on the line and you know what to expect. Within a reasonable period of time, everything was well arranged by Referit. We as a company are fairly unstructured and chaotic. We received all instructions via Referit in normal human language so that everything was clear to us. And thus could create order in our "chaos". It is great that we always figure things out together. We can go to Referit for any problem. I have never experienced that we were unable to solve something."
conclusion.
Marco: "There is now more awareness within the company about the risks of data loss and the consequences of this for the organization and any parties involved. That in itself is a huge step in the right direction and also creates a lot of understanding around the transition. And real strides have been made in terms of the company's information - and that of Finext's clients."